Three Things To Consider When Changing Your Firewall

Technology is constantly changing. Consumers and businesses alike often want the “latest and greatest” in hardware and software, and this is particularly true of the security that companies put into place to protect their networks and data.

Firewall technology has been a staple on computer networks for years, and businesses are always making sure that they are protected as much as possible. Even smaller businesses that in years past thought they might avoid malicious traffic and intrusions due to their size are now making sure they have some sort of firewall protection. With higher bandwidth services like Fiber Internet and Metro Ethernet becoming more and more commonplace, larger amounts of bandwidth can sometimes equal more opportunities for intrusion.

As firewall hardware improves and companies grow, they will often install new firewalls to keep up with their increased traffic and processes. We help clients by providing fully managed WatchGuard firewalls when they’re requested (MegaNet is an authorized WatchGuard partner), but many times clients will purchase and manage their own hardware, or work with an outside IT services vendor who can assist with setting up security.

Firewalls often have unique rules specific to each individual company to help keep them as protected as possible. Sometimes, however, when a new firewall is installed it can have a (temporary) negative impact on network and Internet performance.

If your company is considering installing a new firewall in the near future, whether on your own or with an IT consultant, here are three key things to consider as part of the process.

1. IP Ranges and Assignments – Firewalls will often hand out private internal IPs to all of the computers and devices on the network. Some companies may have multiple subnets in order to keep traffic separate and to ease troubleshooting (e.g., 192.168.1.xxx for one department, then 192.168.2.xxx for another department). It’s important to note exactly which IPs are needed on the network, whether they’re static or dynamically assigned from the firewall, and any mappings the firewall uses to allow outside traffic in to specifically designated IPs.

This situation is particularly important when a company has regular users outside of the company’s network that need to gain access to data, such as remote workers. If the new firewall doesn’t have the same IP settings and ranges, employees may be blocked from accessing the data they need to work.

2. Logging and Blocking Services – Many firewalls have built-in productivity suites that block and/or log network traffic, keeping employees away from websites that either carry a risk of malicious downloads and infections or, to be honest, let employees waste company time (social media, gaming websites, etc.). It’s important to have a record (or even export a file of the current firewall rules) so the new firewall continues to protect the company’s network and resources as soon as it comes online.

Many firewalls can also block specific types of software, such as peer-to-peer sharing, which can help protect the company’s network as well. Peer-to-peer networks often harbor malicious software designed to steal or lock data, and let’s face it – no company wants their entire Internet connection bogged down by an employee secretly torrenting every season of CSI: Miami… yes, that did actually happen with one of our clients!

3. QoS and Service-Specific Settings – Many companies are running Quality of Service (QoS) on their firewalls to help give certain data and services priority on their network and Internet connection. The most popular of these services is VoIP, also known as digital voice. When normal Internet traffic encounters some local network congestion, users very rarely notice; however, when VoIP traffic hits congestion, it can result in background noise or garbled communication.

To help prevent this, many firewalls can have QoS enabled to give priority to services like VoIP which will help reduce or eliminate service-related problems. We’ve had clients running QoS on their local firewalls to keep services like VoIP prioritized on their network, then install a new firewall and immediately experience issues with the services that previously had QoS enabled. It’s important to note exactly what services and traffic have been given priority or QoS on the old firewall, and match those settings as soon as the new firewall is enabled to prevent productivity-robbing problems.
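The three checks above can be run as one comparison before cutover. The following is an added example, not code from the original article; the inventory layout, host names and values are constructed for illustration and do not match any vendor's export format.

```python
import ipaddress

# Constructed inventories in a hypothetical schema (not a vendor export format).
# OLD is what was recorded from the outgoing firewall, NEW is the planned config.
OLD = {
    "subnets": {"office": "192.168.1.0/24", "warehouse": "192.168.2.0/24"},
    "static_ips": {"fileserver": "192.168.1.10", "pbx": "192.168.2.20"},
    "inbound_maps": [("tcp", 443, "192.168.1.10"), ("udp", 5060, "192.168.2.20")],
    "blocked_categories": {"p2p", "gaming", "social-media"},
    "qos_priority": {"voip": "high"},
}
NEW = {
    "subnets": {"office": "192.168.1.0/24", "warehouse": "192.168.20.0/24"},
    "static_ips": {"fileserver": "192.168.1.10"},
    "inbound_maps": [("tcp", 443, "192.168.1.10"), ("udp", 5060, "192.168.2.20")],
    "blocked_categories": {"gaming", "social-media"},
    "qos_priority": {},
}

def migration_gaps(old, new):
    """Return a list of settings on the old firewall that the new one lacks."""
    gaps = []
    # 1. IP ranges and assignments
    for name, cidr in old["subnets"].items():
        if new["subnets"].get(name) != cidr:
            gaps.append(f"subnet {name}: {cidr} -> {new['subnets'].get(name)}")
    for host, ip in old["static_ips"].items():
        if new["static_ips"].get(host) != ip:
            gaps.append(f"static IP {host}: {ip} missing or changed")
    # Inbound mappings must be carried over and must land inside a new subnet
    new_nets = [ipaddress.ip_network(c) for c in new["subnets"].values()]
    for proto, port, target in new["inbound_maps"]:
        if not any(ipaddress.ip_address(target) in n for n in new_nets):
            gaps.append(f"inbound map {proto}/{port} -> {target} outside new subnets")
    for m in old["inbound_maps"]:
        if m not in new["inbound_maps"]:
            gaps.append(f"inbound map {m[0]}/{m[1]} -> {m[2]} not carried over")
    # 2. Logging and blocking services, 3. QoS settings
    for cat in sorted(old["blocked_categories"] - new["blocked_categories"]):
        gaps.append(f"block rule for {cat} not carried over")
    for svc, prio in old["qos_priority"].items():
        if new["qos_priority"].get(svc) != prio:
            gaps.append(f"QoS {svc}: {prio} not carried over")
    return gaps

if __name__ == "__main__":
    for gap in migration_gaps(OLD, NEW):
        print("GAP:", gap)
```

An empty result means the planned configuration matches everything recorded from the old firewall; here the renumbered warehouse subnet also strands the VoIP mapping that was copied over unchanged.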

We hope these three key areas will help your company prepare for a new firewall installation. Of course, there are many other services and topics your own specific setup might need to address; however, these three main issues are the ones we see the most when our clients move to a new firewall.

If your business is concerned with security, download our free eBook “Managed Security: Providing Enhanced Protection At A Lower Cost” to help determine the best methods to help keep your company protected.